Impact
The netfilter flowtable implementation permits more hardware offload actions for IPv6 packets than the defined limit of 16. The description lists the combination that exceeds this boundary, Ethernet mangling, SNAT, DNAT, double VLAN tagging and redirects, which together reach 17 actions. The code change adds a check in flow_action_entry_next() to enforce the action limit, and also raises the maximum allowed actions to 24 to accommodate legitimate IPv6 configurations. Because the pre‑patch code could write beyond the bounds of the action array, a crafted packet could overflow the kernel memory structure. The description does not explicitly state the resulting effect, but based on standard overflow behavior, it is inferred that the overflow could corrupt kernel memory and trigger a crash or panic, leading to a system reboot and denial of service.
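As an added illustration, not the kernel's code and not the patch itself, the following C model contrasts the unchecked next-entry helper with a bounds-checked one for the 17-action IPv6 case. The struct layout, the demo_rule state and the 17 placeholder actions are assumptions for the demo; only the 16 and 24 limits come from the description.

```c
#include <string.h>

#define OLD_ACTION_MAX 16   /* limit before the fix, per the advisory */
#define NEW_ACTION_MAX 24   /* limit after the fix, per the advisory */

struct action_entry { int id; };
/* Demo rule (assumed layout): storage is sized for the larger limit so the
 * unchecked path runs without UB; max_entries is the limit the code assumed. */
struct flow_rule {
    size_t num_entries;
    size_t max_entries;
    struct action_entry entries[NEW_ACTION_MAX];
};
static struct flow_rule demo_rule;   /* constructed state for this demo */

/* Pre-fix shape of the helper: hands out the next slot with no limit check. */
static long entry_next_unchecked(struct flow_rule *r)
{
    return (long)r->num_entries++;
}

/* Post-fix shape: refuses with -1 once the array is full. */
static long entry_next_checked(struct flow_rule *r)
{
    if (r->num_entries >= r->max_entries)
        return -1;
    return (long)r->num_entries++;
}

/* Appends the 17 actions of the IPv6 case from the advisory (eth mangle, SNAT,
 * DNAT, two VLAN pushes, redirect, ...). Returns entries added, or -1 at limit. */
static long build_ipv6_actions(size_t max, int checked)
{
    struct flow_rule *r = &demo_rule;
    memset(r, 0, sizeof(*r));
    r->max_entries = max;
    for (int i = 0; i < 17; i++) {
        long idx = checked ? entry_next_checked(r) : entry_next_unchecked(r);
        if (idx < 0)
            return -1;
        r->entries[idx].id = i;
    }
    return (long)r->num_entries;
}

/* True when more slots were handed out than the array was declared to hold:
 * in the pre-fix kernel that is the out-of-bounds write. */
static int overflowed(void) { return demo_rule.num_entries > demo_rule.max_entries; }
```

With the old limit the unchecked helper hands out slot 16 of a 16-slot array; the checked helper stops at the limit, and the raised limit lets the 17-action configuration fit.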
Affected Systems
All Linux kernels that enable netfilter flowtable hardware offload for IPv6 and have not applied the fixing commit from the 7.0 series are affected. This includes the kernel releases in the 7.0 release‑candidate series listed in the CPE entries and any distribution that ships a kernel built from this source tree. The vendors listed in the CNA record are generic Linux distributions that pull from the upstream source.
Risk and Exploitability
The CVSS score of 7.8 indicates high severity, yet the EPSS score of less than 1 % implies a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Exploitation would most likely be achieved over the network by sending specially crafted IPv6 packets that trigger the offload action overflow. Successful exploitation would result in kernel memory corruption and likely a system reboot, giving an attacker a denial‑of‑service vector. The availability of a patch and the low exploitation probability reduce the immediate risk, but the potential impact warrants prompt patching.
OpenCVE Enrichment